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Claims 

1. Method for managing compiled filter code for processing data packets wherein 
compiled filter code is managed in a plurality of pieces. 

2. Method according to claim 1 comprising the steps of 

- incrementally compiling at least one rule for obtaining a piece of code by a rule 
compiling entity, 

- transmission of said piece of filter code from a rule compiling entity to a packet 
processing entity, 

- pausing of processing of packets by said packet processing entity, 

- writing of said piece of filter code to memory means, and 

- continuing of processing of packets by said packet processing entity. 

3. Method according to claim 1 comprising the steps of 

- incrementally compiling at least one rule for obtaining a piece of code by a rule 
compiling entity, 

- signalling from said rule compiling entity to a packet processing entity that a new 
piece of code is compiled, 

- signalling from said packet processing entity to said rule compiling entity that 
said packet processing entity is ready for storage of said piece of code, 

- writing said piece of code to a memory means, and 

- signalling from said rule compiling entity to said packet processing entity that 
said piece of code is written to said memory means. 

4. Method according to claim 1 wherein 

said pieces are pages having a predetermined length. 
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5. Method according to claim 4 wherein 
shadow paging is used. 

6. Method according to claim 5 comprising the steps of 

5 - processing packets according to at least one first set of code pages, 

- creating a second set of code pages to represent the set of code pages to be used 
after a certain point in time, 

- processing packets received after said certain point in time according to said 
second set of code pages, and 

y> 10 - processing packets received before said certain point in time according to said at 
q least one first set of code pages. 

z: 7. Method according to claim 6 comprising within said step of creating a second 

=P set of code pages the steps of 

M= 15 - assigning members of an existing code page set to be members of said second set 

U 

fy of code pages, and 

q - removing a code page from said second set of code pages. 

8. Method according to claim 6 comprising within said step of creating a second 
20 set of code pages the steps of 

- creating a new code page, and 

- assigning said new code page to be a member of said second set of code pages. 

9. Method according to claim 6 comprising the step of 

25 removing a code page from the memory element storing the code pages, when the 
code page is not any more a member of any set of code pages in use. 
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10. Method according to claim 4 wherein each page of code is associated with a 
reference number for observing the order of the code pages. 

11. Method according to claim 10 wherein the order of any two code pages is 
determined by comparing values of v(x) calculated from the reference numbers 
associated with the code pages, v(x) being calculated substantially by the formula 

v(x) = r(x) - r(b) mod M 
where r(x) is the reference number associated with a code page x being compared, 
r(b) the reference number of the base code page, and M the size of the set of 
allowed reference numbers {0, 1, 2, ... , M-l }. 

12. Computer software program product for processing data packets based on 
compiled filter code comprising computer program code means for managing the 
compiled filter code in a plurality of pieces. 

13. Computer software program product according to claim 12further comprising 

- computer program code means for incrementally compiling at least one rule and 
for producing at least one piece of code, and 

- computer program code means for updating a memory means with said at least 
one piece of code. 

14. Computer software program product according to claim 12 further comprising 

- computer program code means for implementing shadow paging of pages of filter 
code. 

15. Computer software program product according to claim 14 further comprising 

- computer program code means for processing packets according to at least one 
first set of code pages, 
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- computer program code means for creating a second set of code pages to 
represent the set of code pages to be used after a certain point in time, 

- computer program code means for processing packets received after said certain 
point in time according to said second set of code pages, and 

- computer program code means for processing packets received before said 
certain point in time according to said at least one first set of code pages. 

16. Computer software program product according to claim 12 wherein the 
computer software program product is a software routine library. 

17. A computer program comprising instructions adapted for carrying out the steps 
of the method according to any one of claims 1 to 11. 

18. Computer network node for processing of data packets according to compiled 
filter code comprising means for managing the compiled filter code in a plurality 
of pieces. 

19. Computer network node according to claim 18 further comprising 

- means for incrementally compiling at least one rule and for producing at least one 
piece of code, and 

- means for updating a memory means with said at least one piece of code. 

20. Computer network node according to claim 18 further comprising means for 
implementing shadow paging of pages of filter code. 

21. Computer network node according to claim 18 further comprising 

- means for processing packets according to at least one first set of code pages, 
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- means for creating a second set of code pages to represent the set of code pages 
to be used after a certain point in time, 

- means for processing packets received after said certain point in time according 
to said second set of code pages, and 

5 - means for processing packets received before said certain point in time according 
to said at least one first set of code pages. 

22. Computer network node according to claim 18 wherein the node 
is a virtual private network node. 

10 

23. Computer network node according to claim 18 wherein the node 
is a router node. 

24. Computer network node according to claim 18 wherein the node 
15 is a firewall node. 

25. Computer network node according to claim 18 wherein the node 
is a workstation. 

20 26. System for processing of data packets according to compiled filter code 
comprising 

means for managing the compiled filter code in a plurality of pieces. 

27. System according to claim 26 comprising 

25 - means for incrementally compiling a set of rules and for producing at least one 
piece of code, and 

- means for updating a memory means with said at least one piece of code. 

28. System according to claim 26 comprising 
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means for implementing shadow paging of pages of filter code. 



29. System according to claim 26 further comprising 

- means for processing packets according to at least one first set of code pages, 

5 - means for creating a second set of code pages to represent the set of code pages 
to be used after a certain point in time, 

- means for processing packets received after said certain point in time according 
to said second set of code pages, and 

- means for processing packets received before said certain point in time according 
10 to said at least one first set of code pages. 



30. System according to claim 26 further comprising 
4^ a memory component having a first access port and a second access port, and 

H 15 means for processing data packets, said means for processing data packets being 
ffj arranged to access said memory component via said first access port, and 

q said means for managing the compiled filter code being arranged to access said 

memory component via said second access port. 
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